ID CVE-2006-3454
Summary Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:8.1:*:corporate:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*
CVSS
Base: 7.2 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 19986
bugtraq
  • 20060914 Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability
  • 20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition
confirm http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
misc http://layereddefense.com/SAV13SEPT.html
sectrack 1016842
secunia 21884
vupen ADV-2006-3599
xf symantecantivirus-messages-code-execution(28936)
Last major update 18-10-2018 - 16:47
Published 14-09-2006 - 00:07
Last modified 18-10-2018 - 16:47